| From: | Bruno Wolff III <bruno(at)wolff(dot)to> |
|---|---|
| To: | Jerry Asher <jerry(dot)nospam(at)theashergroup(dot)com> |
| Cc: | pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: pg_hba, access control for a webserver, superuser, and joe user |
| Date: | 2003-01-29 07:26:56 |
| Message-ID: | 20030129072656.GA19996@wolff.to |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
On Tue, Jan 28, 2003 at 15:39:03 -0800,
Jerry Asher <jerry(dot)nospam(at)theashergroup(dot)com> wrote:
>
> Does the order of statements in pg_hba.conf matter?
> Is there a priority and a fallback of sorts? Try this first mechanism
> and if that fails, try the next mechanism?
Yes the order matters. Only the first rule that matches is used to
do the authentication. If it fails no other rules are tried.
For your kind of set up, you want to do the user specific rules first
(postgres and the web user) followed by the wildcard rule for users
connecting to a matching database.
Here is a sample that I use that is similar to what you are trying to do.
HBA:
local all postgres ident postgres
local area,book,cube,template1 bruno ident sameuser
local area,book nobody ident nobody
local sameuser all ident sameuser
IDENT:
postgres root postgres
postgres bruno postgres
postgres postgres postgres
nobody bruno nobody
nobody nobody nobody
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Yudha Setiawan | 2003-01-29 09:20:11 | Just Make Sure |
| Previous Message | Shridhar Daithankar<shridhar_daithankar@persistent.co.in> | 2003-01-29 06:22:06 | Re: [ADMIN] Cannot connect to the database (PG 7.3) |